VULHUB ™

Microsoft Data Access Component Internet Publishing Provider fails to properly determine the origin of WebDAV requests. An attacker could compose a web page or HTML email containing a malicious script. The script could be devised to launch WebDAV requests for resources in the user's domain. If a user accessed the hostile script it would run locally on the user's system. Due to the inability to properly handle WebDAV requests, the requested resources may be revealed to the attacker depending on the permissions the user has within his domain. If the user has permissions to add, delete, change, etc. these files the attacker could take such actions on a target host.

Microsoft Data Access Component Internet Publishing Provider fails to properly determine the origin of WebDAV requests. An attacker could compose a web page or HTML email containing a malicious script. The script could be devised to launch WebDAV requests for resources in the user's domain. If a user accessed the hostile script it would run locally on the user's system. Due to the inability to properly handle WebDAV requests, the requested resources may be revealed to the attacker depending on the permissions the user has within his domain. If the user has permissions to add, delete, change, etc. these files the attacker could take such actions on a target host.